Huge Insurance Company WellPoint Settles Once Again, Providing a Window On the Ethical Questions Its Birth Presented

Another month, another question about the ethical conduct of for-profit insurance giant WellPoint. 

WellPoint Settles Allegations its Predecessor Anthem Cheated its Former Policy-Holders

This time the issue was how the company treated people insured by its now Anthem subsidiary a long time ago.  Here is the Reuters version:

Health insurer WellPoint Inc has agreed to pay $90 million to settle a class-action lawsuit against its Anthem unit over accusations the company did not fairly compensate former members when Anthem was converted from a mutual company into a stock company.

The Indianapolis Star noted:

WellPoint had fought the lawsuit for seven years in court.

The lawsuit alleged that WellPoint's Anthem subsidiary underpaid policyholders who opted to receive cash instead of stock when the Blue Cross-Blue Shield franchisee converted in 2001 into a stock company.

Of course, a WellPoint spokesman denied the company had done anything wrong, per Reuters,

Anthem spokeswoman Kristin Binns said in an e-mailed statement.

'We continue to believe that in all ways the company acted appropriately and in the best interests of its former members,...'

The Historic Context: the Conversion of Non-Profit Health Insurers into For-Profit Corporations

This may seem very dry and only of historical interest, but consider the historical context. Per Wendell Potter's Deadly Spin, after the Clinton administration's failed attempt at health reform, leaders of previously non-profit Blue Cross and Blue Shield insurance plans saw a new opportunity. In the mid-1990s,

the Blue Cross and Blue Shield Association took a little-noticed but monumental step. The trade group, a bastion of non-profit health insurers that included the founders of the modern health insurance system, modified its bylaws to permit members to convert into public-stock companies.

Potter opined about the executives' main motivation for conversion to for-profit status, and then consolidation of the resulting companies,

They would earn bigger pay packages for managing larger businesses, and if they could convert them to for-profit companies, they would earn even more.

So,

Fourteen Blue Cross plans, most of which dominated their state-wide markets, converted from nonprofits to for-profits, and by 2004 all fourteen wound up as wholly owned subsidiaries of WellPoint....

The Anthem Demutualization as a Step to WellPoint Executives' Enrichment

Anthem began as a non-profit insurance company, Blue Cross/Blue Shield of Indiana. Its hired managers first converted it into a mutual insurance company, a company that was owned by its policy-holders, and hence somewhat a non-profit in spirit. Then the executives started to acquire other formerly non-profit Blue Cross and Blue Shield plans. Then they converted the mutual insurance company into a pure for-profit. The for-profit Anthem eventually acquired WellPoint, taking that company's name. The resulting company then had become the biggest for-profit US health care insurer. In 2003, as the acquisition of WellPoint was pending, the Indianapolis Star reported:

The top executive at Anthem Inc. will receive a $42.5 million stock-and-cash award for guiding the company as it became the state's largest firm and now stands to become the nation's largest health benefits company.

Larry C. Glasscock will receive the merit-based performance award over the next three years on top of his salary, bonus and other compensation of $3.73 million last year. It's the most compensation Glasscock has received since he became the company's chief executive in 1999 and helped convert it to a publicly traded concern in 2001

Furthermore,

Award amounts of $16 million each went to Glasscock's two highest-ranking associates: executive vice presidents David R. Frick, an attorney and former Indianapolis deputy mayor, and Michael L. Smith, a former chief executive of moving company Mayflower Group.

In addition, the president of Anthem Midwest, Keith R. Faller, will get a stock-and-cash award of $11.9 million, while Anthem Southeast President Thomas G. Snead Jr. got $4.36 million.

The allegation that the company's hired managers failed to adequately reimburse policy-holders for the policy-owners' ownership interests in the mutual version of Anthem was the basis of the law-suit that was just settled. The Anthem demutualization was a key step in the formation of the WellPoint behemoth. Its creation was the rationale to make the executives listed above rich. The allegations made in the lawsuit just settled suggest that they earned these huge windfalls on the backs of the policy-holders who at one point thought it was their company, and formerly thought that their insurer was a benign non-profit organization.

A Continuing Record of Ethical Misadventures

Thus, the lawsuit just settled suggests that WellPoint was born in ethically questionable circumstances, and that its creation served more to enrich its hired executives, who may have started as hired leaders of mission-oriented non-profit organizations. So in retrospect maybe it is not so surprising that WellPoint's leadership has continued to generate a series of ethical questions.

Since we began Health Care Renewal, we have noted that the company:

• settled a RICO (racketeer influenced corrupt organization) law-suit in California over its alleged systematic attempts to withhold payments from physicians (see 2005 post here).
• subsidiary New York Empire Blue Cross and Blue Shield misplaced a computer disc containing confidential information on 75,000 policy-holders (see 2007 story here).
• California Anthem Blue Cross subsidiary cancelled individual insurance policies after their owners made large claims (a practices sometimes called rescission).  The company was ordered to pay a million dollar fine in early 2007 for this (see post here).  A state agency charged that some of these cancellations by another WellPoint subsidiary were improper (see post here).  WellPoint was alleged to have pushed physicians to look for patients' medical problems that would allow rescission (see post here).  It turned out that California never collected the 2007 fine noted above, allegedly because the state agency feared that WellPoint had become too powerful to take on (see post here). But in 2008, WellPoint agreed to pay more fines for its rescission practices (see post here).  In 2009, WellPoint executives were defiant about their continued intention to make rescission in hearings before the US congress (see post here).
• California Blue Cross subsidiary allegedly attempted to get physicians to sign contracts whose confidentiality provisions would have prevented them from consulting lawyers about the contracts (see 2007 post here).
• formerly acclaimed CFO was fired for unclear reasons, and then allegations from numerous women of what now might be called Tiger Woods-like activities surfaced (see post here).
• announced that its investment portfolio was hardly immune from the losses prevalent in late 2008 (see post here).
• was sanctioned by the US government in early 2009 for erroneously denying coverage to senior patients who subscribed to its Medicare drug plans (see 2009 post here).
• settled charges that it had used a questionable data-base (built by Ingenix, a subsidiary of ostensible WellPoint competitor UnitedHealth) to determine fees paid to physicians for out-of-network care (see 2009 post here). 
• violated state law more than 700 times over a three-year period by failing to pay medical claims on time and misrepresenting policy provisions to customers, according to the California health insurance commissioner (see 2010 post here).
• exposed confidential data from about 470,000 patients (see 2010 post here) and settled the resulting lawsuit in 2011 (see post here).
• fired a top executive who publicly apologized for the company's excessively high charges (see 2010 post here).
• California Anthem subsidiary was fined for systematically failing to make fair and timely payments to doctors and hospitals (see 2010 post here).
• management was accused of hiding the company's political contributions from the company's own stock-holders (see 2012 posts here and here).

Meanwhile, top hired managers have continued to draw bloated compensation from the company.  For example, as we noted here, current WellPoint CEO Angela Braly got $13.2 million compensation, and received an additional $6.9 million from newly vested restricted stock units in 2011, despite falling company earnings.

Summary: A Company Too Big to Manage Except to Enrich Its Executives

Thus, we have seen an amazing string of incidents suggesting that company leadership has consistently put short-term revenues, and the resulting exaggerated management compensation, before stock-holders' interests, and before patients' interests.  Yet this pattern, so plain above, has largely not been assembled from its component pieces in public other than on Health Care Renewal.  Lack of perception of this pattern may explain why this incredible compilation of ethical missteps has failed to generate any calls for massive revisions in how this company is lead and governed, or perhaps calls to dismantle such a large for-profit company as unmanageable except as a source of nearly unlimited dollars for the enrichment of its top insiders.

True health care reform would require the leaders of health care organizations to uphold the health care mission ahead of their own self-interest, and to be accountable to the organizations' owners, when they exist, and to patients and the public at large.

Wall Street Journal Defends Hired WellPoint Executives' Lack of Accountability to the Company's Owners

The lack of accountability of the hired managers (or executives or bureaucrats) of health care organizations came into sharper focus thanks to a bizarre, in my humble opinion, Wall Street Journal editorial from last week. 

Background: Shareholder Campaign for Oversight of Hired Executives Use of Corporate Money for Political Purposes

In the background is the campaign by some of the owners, that is, shareholders of giant publicly held for-profit insurance company WellPoint to make its executives' attempts to involve the company in politics more transparent and accountable.  (See our previous post here.)  As noted more recently in Fortune (by way of CNN),

shareholders and major U.S. companies have been meeting behind the scenes to discuss improvements in oversight and disclosure practices. 'Companies need to remember that shareholders have a right to know how their money is being spent,' wrote Eric Sumberg, spokesperson for New York State Comptroller Thomas P. DiNapoli, representing the New York State pension fund, in an email. 'Transparency and full disclosure will help to deter high risk political spending that could hurt shareholder value.'

Aetna and WellPoint are two companies contending with shareholder proposals on political spending disclosure this year.

The Center for Public Accountability (CPA) rates the disclosures at Aetna and WellPoint as having 'room for improvement.' Both WellPoint and Aetna have disclosure practices that 'leave significant room for serious misrepresentation of the company's political spending through trade associations,' according to the Center's Political Accountability and Transparency Reports. According to the Center reports, both companies gave money to AHIP (American Health Insurance Plans). And $86 million in funds from AHIP were allegedly funneled to the Chamber of Commerce to lobby against health care reform, according to reports from Bloomberg and the National Journal.

Note that this money was supposedly used by WellPoint executives to undermine the Obama administration's health care reform proposals while the company was publicly supporting aspects of these proposals.

The Wall Street Journal Says Hired Executives Not Accountable to Shareholders

The Wall Street Journal's editorial page's denunciation of this campaign by corporate owners to assert their rights, and the accountability of hired managers opened thus,

The campaign to intimidate companies from exercising their free-speech rights is in high gear as shareholder proxy season arrives, and the most prominent early target is health-insurer WellPoint. The arc of this attack will be one of the election year's political leitmotifs, and it should be on the radar of every corporate boardroom.

In the favored new tactic of the left, unions and activists are using politicized shareholder resolutions to send a message to corporations: Drop support for free-market and conservative causes, or you'll take a political beating.

The Journal conveniently ignored that the campaign is not from outside the corporation, but from its very owners, and that the people they are supposedly trying to intimidate are actually supposed to be responsible to them.  In addition, it begged the question of how political spending by hired corporate bureaucrats unaccountable to the people who own the company could possible have anything to do with free markets.

If some owners do not think that executives should be spending company money on political causes (especially presumably causes that the executives favor, or that reflect the executives' self-interest), they have a perfect right to think so, and to act on their thoughts.


Then the  Journal went on to assail the shareholders' challenge to some members of the WellPoint board of directors.  After first defining Change to Win as a "union front group," -

Change to Win is now targeting WellPoint's annual meeting on May 16 when it will demand that shareholders vote against board members Julie Hill and Susan Bayh (wife of former Indiana Democratic Senator Evan Bayh) because the company has refused to disclose or stop all of its political spending. Among the company's crimes? Corporate funding of, you guessed it, ALEC.

Now let us back up a minute. This is about a campaign by stockholders, that is, people who are owners, albeit fractional owners of WellPoint. It is some shareholders who want to vote against the particular board members.  WellPoint directors are supposed to have a fiduciary duty to represent the stockholders', that is, the owners' financial interests. If stockholders think members of the board of directors are not representing the stockholders' interests, the stockholders have a perfect right to vote against them. 

However, the Journal fulminated,

The union attack on WellPoint is notable for targeting two board members by name and the effort to make extra hay out of Susan Bayh's political profile. (Added frisson: Evan Bayh has worked as a consultant to the Chamber.) The ad hominem attack is right out of the Saul Alinsky playbook and is intended as a warning to other corporate directors that their personal reputation will be damaged if they don't force companies to stop donating to industry groups.

Note further that all stockholders are owners, whether they are also union members, or have green hair. Note further that the owners again have a perfect right to criticize or vote against board members who they believe are not properly exercising their fiduciary responsibilities to stockholders, that doing so has nothing to do with the ad hominem fallacy, and that this right is not nullified for stockholders with particular political opinions, or stockholders whom the Wall Street Journal does not like.

Summary

So we see the Wall Street Journal, supposed defender of capitalism, attacking a fundamental part of capitalism, the right of ownership, corporate ownership in this case. Instead, presumably, the Journal editorialists thinks that hired corporate executives ought to be completely unaccountable to the stockholders, and able to do whatever they want, including to do what is in their self-interest but not the owners' interests.

So this is how far the coup d'etat by hired executives/ managers/ bureaucrats has progressed. Supposed defenders of capitalism are now defending the rule of hired corporate insiders, completely disregarding the rights of owners. All we are lacking is a catchy name for rule by the hired managers/ bureaucrats/ executives. I am open to suggestions.

We have long criticized leaders of health care organizations who are ill-informed, unaware or hostile to health care professionals' core values, self-interested, or even corrupt.  We have discussed how bad leadership has advanced as leaders have become less accountable.  It appears that the lack of accountability of health care leaders, and their tendencies to put their own interests first, is part of a larger problem.  This is the take-over by most of society's important organizations by the managers, bureaucrats, and executives who were hired to run them.  For profit corporate hired leaders have become unaccountable to the corporations' owners.  Non-profit organizations' hired leaders have become unaccountable for the mission, or for their organizations' stakeholders. 

If we want health care, and democratic society to survive, we need to counter the managers' coup d'etat and make leaders accountable once again. 

Some of WellPoint's Owners (Stockholders) Allege Their Hired Executives Hid Political Contributions

We have frequently had reason to question the actions of WellPoint, the second largest for-profit health insurance company/ managed care organization in the US. 

Hidden Political Contributions

The Washington Post reported yet another one,

Health insurance giant WellPoint is the latest target of an increasingly aggressive campaign to force disclosure of corporate political and lobbying expenditures, including payments to the U.S. Chamber of Commerce, which has become more active in elections over the past decade.

The WellPoint campaign, set to be formally announced Thursday by a coalition of activist investor groups, demands the resignation of two WellPoint board members, including Susan Bayh, the wife of former senator Evan Bayh (D-Ind.), for allegedly failing to oversee 'high risk political spending.'

The shareholder coalition cited WellPoint’s reluctance to answer questions about a transfer of $86 million from the health insurers trade association to the U.S. Chamber of Commerce in 2010, when the Chamber was actively opposing President Obama’s health-care overhaul. WellPoint is a member of the association, America’s Health Insurance Plans.

'This is the most egregious clandestine campaign funding we have ever seen,' said Michael Pryce-Jones of the CtW Investment Group, a labor-affiliated organization that is part of the shareholders’ coalition, referring to the payments from the trade association to the Chamber of Commerce.

However,

At WellPoint, officials dismissed the notion that the company has been secretive about its political giving. On the contrary, spokeswoman Kristin Binns said, the firm discloses a great deal on its Web site.

'WellPoint complies with all disclosure requirements under federal, state and local laws,' she said, noting that the company publishes a 'very extensive' annual report on its political contributions.

But,

That report does not include details of the sort of special payment that the shareholders coalition said WellPoint made to the health insurers association.

So, to summarize, WellPoint management is accused of spending tens of millions on political lobbying while hiding the spending from the public and from the company's nominal owners, that is, its stock-holders, by laundering it through a third party.

WellPoint's Sorry Ethical Record

This is just the latest questionable behavior by WellPoint we have discussed. Previously, we have noted incidents in which the company  ...
 

• settled a RICO (racketeer influenced corrupt organization) law-suit in California over its alleged systematic attempts to withhold payments from physicians (see 2005 post here).
• subsidiary New York Empire Blue Cross and Blue Shield misplaced a computer disc containing confidential information on 75,000 policy-holders (see 2007 story here).
• California Anthem Blue Cross subsidiary cancelled individual insurance policies after their owners made large claims (a practices sometimes called rescission).  The company was ordered to pay a million dollar fine in early 2007 for this (see post here).  A state agency charged that some of these cancellations by another WellPoint subsidiary were improper (see post here).  WellPoint was alleged to have pushed physicians to look for patients' medical problems that would allow rescission (see post here).  It turned out that California never collected the 2007 fine noted above, allegedly because the state agency feared that WellPoint had become too powerful to take on (see post here). But in 2008, WellPoint agreed to pay more fines for its rescission practices (see post here).  In 2009, WellPoint executives were defiant about their continued intention to make rescission in hearings before the US congress (see post here).
• California Blue Cross subsidiary allegedly attempted to get physicians to sign contracts whose confidentiality provisions would have prevented them from consulting lawyers about the contracts (see 2007 post here).
• formerly acclaimed CFO was fired for unclear reasons, and then allegations from numerous women of what now might be called Tiger Woods-like activities surfaced (see post here).
• announced that its investment portfolio was hardly immune from the losses prevalent in late 2008 (see post here).
• was sanctioned by the US government in early 2009 for erroneously denying coverage to senior patients who subscribed to its Medicare drug plans (see 2009 post here).
• settled charges that it had used a questionable data-base (builty by Ingenix, a subsidiary of ostensible WellPoint competitor UnitedHealth) to determine fees paid to physicians for out-of-network care (see 2009 post here). 
• violated state law more than 700 times over a three-year period by failing to pay medical claims on time and misrepresenting policy provisions to customers, according to the California health insurance commissioner (see 2010 post here).
• exposed confidential data from about 470,000 patients (see 2010 post here) and settled the resulting lawsuit in 2011 (see post here).
• fired a top executive who publicly apologized for the company's excessively high charges (see 2010 post here).
• California Anthem subsidiary was fined for systematically failing to make fair and timely payments to doctors and hospitals (see 2010 post here).

Yet despite this amazing recent record, WellPoint's top executives continue to prosper.  Earlier this month the Indianapolis Star reported that WellPoint Chair and CEO Angela,

Braly, 50, received 2011 compensation valued at $13.2 million, according to an Associated Press analysis of the Indianapolis company's annual proxy statement. That represents a 2 percent drop compared with 2010.

Braly, who has served as CEO for nearly five years, received a $1.1 million salary in 2011, a total that has stayed flat since 2008. Her compensation also included a performance-related bonus of nearly $1.9 million, stock and option awards totaling about $10 million and $216,279 in other compensation.

While her compensation dropped 2%,

WellPoint's earnings fell in the final three quarters of last year compared with 2010, capped by a 39 percent drop in the fourth quarter. In total, the insurer's earnings sank 8 percent compared with 2010.

The compensation above did not take into account that

Braly also made about $6.9 million last year mostly from previously awarded restricted stock units that had vested.

Summary

WellPoint CEO Angela Braly, like many of her fellow top hired managers of health care organizations, has become more wealthy every year despite her company's record of questionable conduct, and out of proportion to her company's financial results.

Based on illusory promises of greater efficiency that would benefit everyone, we have handed health care over to large, increasingly for-profit organizations, and we have handed control over these organizations to hired managers. We have made these managers accountable to no one, so they seem to run their organizations to benefit themselves first. Is it any surprise that organizations run to benefit top insiders do not much benefit patients' or the public's health?

Maybe the campaign by some of WellPoint's nominal owners to at least make what the company pays to influence politics transparent is a tiny first step to making the leadership of health care organizations accountable both to the organizations' owners (when they exist) and to patients and the public at large. Until they become so accountable, do not expect any improvements in health care cost, quality or access.

Still More Electronic Medical Data Chaos, Pandemonium, Bedlam, Tumult and Maelstrom: But Don't Worry, Your Data is Secure

Case 1. Tumult

October 5, 2011
New York Times
Patient Data Landed Online After a Series of Missteps

By KEVIN SACK

Private medical data for nearly 20,000 emergency room patients at California’s prestigious Stanford Hospital were exposed to public view for nearly a year because a billing contractor’s marketing agent sent the electronic spreadsheet to a job prospect as part of a skills test, the hospital and contractors confirmed this week. The applicant then sought help by unwittingly posting the confidential data on a tutoring Web site. [Got all that? - ed.]

In an e-mail sent to a victim of the breach, the billing contractor, Joe Anthony Reyna, president of Multi-Specialty Collection Services in Los Angeles, explained that his marketing vendor, Frank Corcino, had received the data directly from Stanford Hospital, converted it to a new spreadsheet and then forwarded it to a woman he was considering for a short-term job.

The position was with Mr. Corcino’s one-man shop, Corcino & Associates, Mr. Reyna wrote in the e-mail, which was authenticated by his lawyer, Ellyn L. Sternfield. The job applicant apparently was challenged to convert the spreadsheet — which included names, admission dates, diagnosis codes and billing charges — into a bar graph and charts, Stanford Hospital officials said.

Not knowing that she had been given real patient data, the applicant posted it as an attachment to a request for help on studentoffortune.com [I wrote about that earlier here - ed.], which allows students to solicit paid assistance with their work. First posted on Sept. 9, 2010, the spreadsheet remained on the site until a patient discovered it on Aug. 22 and notified Stanford.

My, how electronic data can travel when mishandled. Try that trick with 20,000 paper charts ...

The hospital, located on the campus of Stanford University in Palo Alto, demanded that the spreadsheet be removed, and the Web site quickly complied. Pressed for time, the job prospect wound up completing the assignment herself and, in the end, did not get hired, Ms. Sternfield said.

Ironically, this was all for naught.

Mr. Corcino, in his first public statement, attributed the breach to “a chain of mistakes which are far too easy to make when handling electronic data.”

Far too easy to make - especially by the dyscompetent.

... Breaches of private medical data have become distressingly commonplace, with two substantial ones disclosed in the last week alone. [We don't know the details of those yet; that's for next week - ed.]

Case 2: Pandemonium (from same NYT article)

In Orlando, officials with Florida Hospital reported that three employees had improperly combed through emergency department records of 2,252 patients, apparently to forward information about accident victims to lawyers. The employees were fired, and law enforcement officials are investigating.

Trolling for Torts - is this a new EMR TV game contestant show? Perhaps it could be followed by "Trolling for Tarts?"


Case 3: Bedlam (from the same NYT article)

Meanwhile, Science Applications International Corporation disclosed that computer backup tapes containing medical data for 4.9 million military patients [that number also amounts to almost 2% of the total U.S. population - ed.] had been stolen from an employee’s car in San Antonio. The data included Social Security numbers, clinical notes, laboratory test results and prescriptions. The company said the risk of harm was low because retrieving data from the tapes would require specialized knowledge, software and hardware. [Who's to say the theft was not by someone with that specialization, or someone paid by same to steal the tapes? - ed.]

The Texas breach is by far the largest since September 2009, when a new federal law began requiring disclosures of medical privacy violations involving at least 500 people. Some 330 such episodes have been tallied, including four others that affected more than one million people each.

We'd all be buried in stray clinical paper by now if it weren't for computers. Thank god for them!

Officials at the Department of Health and Human Services said the new reporting requirements had exposed deep vulnerabilities and encouraged renewed vigilance.

Exposed to whom? The blind, deaf and dumb?

“We’re moving in the right direction in terms of a culture of compliance,” said Leon Rodriguez, director of the department’s Office for Civil Rights, which investigates medical privacy cases. “Are there still a lot of problems out there? Yeah, my sense is there are still a lot of problems.”

The Titanic was moving in the right direction - towards New York Harbor, in fact, when it met a little unexpected obstacle. Perhaps a culture of brains would be better than a culture of compliance...

The Stanford breach was notable for the duration of public exposure, and for spotlighting the vulnerability created by a medical provider’s business relationships with outside parties.

Last week, lawyers filed suit in state court in Los Angeles, seeking certification as a class action and $20 million in damages from Stanford Hospital & Clinics and Multi-Specialty Collection Services, which is known as MSCS.

$20 million might hurt a bit, and might help motivate the organization to hire better and/or more appropriate clinical information management expertise - in house where it belongs (see below).

The threat of liability set off a predictable round of finger-pointing.

In written responses to questions, Lisa Lapin, Stanford University’s assistant vice president for university communications, said, “MSCS bears the complete and sole responsibility for the breach.”

It's their fault, not ours.

Ms. Lapin said the hospital had sent the data in encrypted form to Mr. Corcino, who requested it on behalf of MSCS to analyze a strategy for improving billing collections. She said Mr. Corcino had regularly represented himself as MSCS’s executive vice president and had been Stanford’s “primary contact” during a seven-year relationship. MSCS, a five-person firm that audits hospital accounts to maximize reimbursement, possessed the passwords to unencrypt the data, she said.

It was all about money and outsourcing.

“This mishandling of private patient information was in complete contravention of the law and of the requirements of MSCS’s contract and is shockingly irresponsible,” the hospital said in a statement.

It is foolish to believe that someone else can run critical aspects of your business, and it is even more foolish to believe that it is OK for someone else to run critical aspects of your business.

Ms. Sternfield, Mr. Reyna’s lawyer, said Mr. Corcino had never been an MSCS employee, but rather was paid a monthly fee to drum up business, typically in face-to-face meetings with health care executives. Mr. Reyna, she said, had no knowledge that the Stanford data had been sent to Mr. Corcino, or that he had passed it on.

Mr. Corcino was not authorized to use an MSCS title, Ms. Sternfield said, but she declined to say whether Mr. Reyna was aware of the practice. She acknowledged that Mr. Corcino sometimes used an MSCS e-mail account.

In his e-mail to the breach victim, who shared it with The Times, Mr. Reyna wrote that Stanford had sent the file to Mr. Corcino “for a potential MSCS project that would audit paid accounts to verify that the reimbursement was correct.”

For his part, Mr. Corcino said in a statement that he was an independent contractor but was “the marketing face of the company,” and that MSCS “allowed me to use the title of executive vice president.” He wrote: “Stanford sent the file to me at MSCS, and I imported the data into a spreadsheet that was forwarded to the job applicant as part of a skills test. I did not intend to provide any personal health information in the file. This was a marketing project.”

Without explaining how or why he sent the data to the applicant, Mr. Corcino said MSCS had not trained him properly and faulted Stanford for sending him private information that he did not need. That, he said, was the “first link in a chain of mistakes.”

“I regret that Stanford released a file containing unnecessary information,” Mr. Corcino said, “that MSCS did not have an appropriate training and audit system for the handling of electronic data and that I was not more careful with the file. While Stanford and MSCS left the information in the file I received, it was my mistake to not catch its inclusion and remove the data.” ... The hospital has terminated its relationship with MSCS, and Mr. Reyna has done the same with Mr. Corcino.

Even I can't follow all that. This will be one convoluted court case...

Stanford Hospital has reassured affected patients that the posted spreadsheet did not contain Social Security numbers, birthdates or credit card numbers, and has offered free identity theft protection services. The hospital said it had not uncovered any misuse of the exposed data.

Yet, that is. (Is it no wonder that sedatives are among the most highly-prescribed medications?)

Moving from the NYT article:

Case 4: Tumult (I'm running out of descriptors)

A large class action lawsuit again Health Net and IBM:

California Legal
Westlaw Journal Insurance Coverage

Health Net’s, IBM’s negligence compromised medical data, suit says

June 7 (Westlaw Journals) - Health Net Inc. and IBM face a class-action lawsuit seeking $5 million in damages over the loss of computer storage devices that held the medical histories, financial data and Social Security numbers of 2 million people.

Health Net Policyholder Alana Bournas’ class-action complaint in the U.S. District Court for the Eastern District of California alleges that the insurer and IBM breached their duty of confidentiality and negligently allowed the release of highly personal and confidential information of millions of Health Net employees and policyholders.

The complaint alleges violation of California’s Confidentiality of Medical Information Act, Cal. Civ. Code § 56; Cal. Civ. Code § 1798.2, which concerns the unauthorized disclosure of customer records; Cal. Bus. & Prof. Code § 17200, the state’s unfair-competition law; and public disclosure of private facts.

Companies will either pay the going price for competent employees, or pay for the mistakes of incompetent ones. It would probably be better for society, however, to do the former habitually.

The suit says IBM agreed to manage Health Net’s information technology database for five years beginning in 2008.

IBM informed Health Net Jan. 21 that it had lost nine disk drives containing the confidential information of 2 million people, including Health Net policyholders and employees.

Health Net failed to alert the victims of the breach until March 14, the complaint says.

IBM allegedly also failed to encrypt the data, thereby enabling anyone who possesses the hard drives to easily access the confidential information. This puts the victims at an increased risk of identity theft and “other unauthorized uses of plaintiff and class members’ personal information” the suit says.

Encryption, a feature now built into mainstream OS's by Microsoft and Apple? (Oh wait...IBM...)

Health Net’s attempt to compensate the victims by providing two years of free credit monitoring services through TransUnion is an inadequate remedy for the defendant’s conduct, Bournas says. This “remedy” fails to address unauthorized disclosures of medical information, and the monitoring services only protect against new account fraud but do not address fraudulent activity with existing accounts, the suit says.

These executives apparently can't even get the fix straight.

Moreover, the complaint says, Health Net has previously been accused of a similar breach of confidential information. In 2009 it lost the same types of records of nearly 1.5 million people and waited six months before notifying the victims. In settling the state of Connecticut’s lawsuit stemming from that security breach, the company promised “to enhance security procedures and training,” the suit says.

What can I say?

The current breach could have been avoided had Health Net and IBM taken proper precautions and implemented security policies to maintain consumers’ confidential data, according to Bournas. Therefore, the protections granted under California law require that Health Net be penalized for its negligence, she says.

The plaintiff notes that millions of people entrusted Health Net with their private data.

“At best, defendants’ actions allowed this private information to go astray. At worst, the private information is being viewed, sold, resold, and used for illegitimate and illegal purposes,” the complaint says.

The suit is seeking injunctive relief, compensatory damages, declaratory relief, and attorney fees and costs.

Bournas v. Health Net Inc., No. 2_11-CV-01262, complaint filed (E.D. Cal. May 11, 2011).

I would revise that to say "The current breach could have been avoided had Health Net and IBM hired personnel in adequate numbers with the qualifications and true gravitas (and not laid them off, of course) to maintain consumers’ confidential data."

Case 5: Maelstrom (I am reaching to the bottom of the barrel for such descriptors).

Wellpoint recently settled class-action suit in CA.

AMA news
By Pamela Lewis Dolan, amednews staff.
Posted Aug. 1, 2011.

WellPoint reaches tentative accord in data breach suit

It is the second settlement to come from lawsuits claiming that the company failed to protect the privacy of individual insurance applicants online.

WellPoint has reached a preliminary settlement that will, if approved, bring an end to a class-action lawsuit filed more than a year ago.

The lawsuit, filed in the Superior Court of the State of California, involves the potential exposure of data belonging to more than 600,000 individual health insurance applicants on a company-run website that allowed insurance applicants to track their applications.

The situation came to light when an applicant to WellPoint-owned Anthem Blue Cross of California sued the company in March 2010. The applicant was able to manipulate the web address within the site to gain access to other applicants' information, including names, addresses, dates of birth, Social Security numbers and health and financial information.

In other words, probably changing a simple number in the URL brought up someone else's records. Good going there, Wellpoint. What were the programmers thinking? (Were they thinking?)

When the suit was filed, the company said an upgrade to the system caused the information to become exposed. The company said a third-party vendor validated that all security measures were in place when, in fact, they were not. Changes were made to the system soon after the situation was discovered.

Blame someone else, yet again.

In addition to the class-action suit, the company was sued by Indiana Attorney General Greg Zoeller in July 2010. The suit, filed in Marion County Civil Superior Court, alleged that the company violated the Indiana Disclosure of Security Breach Act by failing to notify Zoeller, and the 32,051 Indiana residents affected by the incident, in a timely manner. That suit was settled in early July, when WellPoint agreed to pay a $100,000 fine. As part of the settlement, WellPoint admitted it had a security breach and failed to properly notify the attorney general's office as required by law.

Gevalt.

Under the preliminary settlement in the California class-action matter, WellPoint agreed to offer credit monitoring for two years to all affected individuals. Class members are eligible to receive reimbursement for identity theft losses of up to $50,000 per incident, as well as additional time to file identity theft claims until May 31, 2016. Those making identity theft claims are eligible for an additional five years of credit monitoring. The company also will donate a total of $250,000 to two nonprofit organizations whose efforts are directed at protecting consumers' privacy on the Internet.

It might have been cheaper and better for goodwill not to outsource a vital function...those third-party vendors can really hurt you. (I'd really like to know - was this "third party vendor" domestic, or overseas?)

WellPoint did not admit wrongdoing in the case, nor was it found guilty. A fairness hearing is scheduled for November, and the courts then will decide whether to approve the settlement.

Large corporations are immune from such formalities as admitting wrongdoing or being found guilty.

-----------------------

But don't worry. Your medical data's safe.

Sort of. See also:

• "Networked EMR's and Healthcare Information Security: Practical When Massive IT Security Breaches Continue?",

• "Networked, Interoperable, Secure National Medical Records a Castle in the Sky?",

• "Operation Aurora And a Widespread Reluctance to Discuss IT Flaws: Is Universal Healthcare IT Really a Good Idea in 2010?",

• "Medical data breach of the week - but your EMR data is secure, trust us, we're IT experts",

• "Insurers Test Data Profiles to Identify Risky Clients",

• and others

-- SS

Millions to Health Insurance CEOs, But Blame Everyone Else for Rising Health Care Costs

The revelations about the huge golden parachute given the outgoing CEO of ostensibly non-profit Massachusetts Blue Cross Blue Shield induced some public discussion about the disconnect between executive compensation and the mission of health care organization (see most recent post here).  Several other recent stories should generate more discussion on these issues. 

First, new proxy statements revealed the compensation of executives of two large for-profit health care insurers/ managed care companies.  In alphabetical order,

Cigna

As reported by the AP, via ABC news, the CEO got a big raise:

Cigna Corp. CEO David M. Cordani's total compensation more than doubled in 2010, his first year as leader of the nation's fourth-largest health insurer, and a period in which the company's earnings, revenue and enrollment all climb.

Cordani, 45, received compensation valued at $15.1 million last year from the Philadelphia managed-care company, according to an Associated Press analysis of a regulatory filing Friday.

That included a $1 million salary, a performance-related bonus totaling more than $7.3 million and stock and option awards adding up to $6.7 million.

In 2009, Cordani's compensation was $6.5 million, but he did not serve for the entire year. Note that according to the 2009 proxy, the previous CEO, H Edward Hanway, received $12,236,740 in total compensation in 2008, his last year as CEO.

What was the rationale for the huge rise in Cordani's compensation from 2009 to 2010? (And implicitly, the fairly large increase compared to Hanway's compensation in his last year?)

The company said in its proxy statement filed with the Securities and Exchange Commission that Cigna 'effectively executed on its growth strategy under Cordani's leadership last year.

'Revenue rose significantly in 2010, reflecting strong premium growth in (Cigna's) ongoing business segments,' the proxy said.

Cigna earned about $1.35 billion, or $4.89 per share, on $21.25 billion in revenue in 2010. That was up from $1.3 billion, or $4.73 per share, on $18.41 billion in revenue in 2009. The insurer's medical membership climbed 4 percent to 11.4 million people compared to the final quarter of 2009, when it fell more than 5 percent. That helped raise premiums and fees in health care, the insurer's largest segment.

Also,

Cigna shares climbed 4 percent to close 2010 at $36.66, while the Standard & Poor's 500 index rose 12.8 percent.

So to recap, Cigna's current CEO's total compensation doubled in a year while earnings and the stock price rose about 4%.

WellPoint

Also reported by AP, via the Washington Post, the CEO got a small raise (but ended up with compensation similar to Mr Cordani's above):

The president and CEO of health insurer WellPoint Inc. received a 3 percent boost in total compensation in 2010 even as the company’s profit and enrollment numbers slipped during a transitional year for U.S. health care companies.

The Indianapolis-based insurer awarded Angela Braly a total pay package worth $13.4 million up from $13.1 million in 2009. Wellpoint disclosed the compensation — which includes salary, bonus and other awards — in a filing with federal financial regulators late Friday.

On the other hand, the company did not do so well financially:

The insurer’s profit fell sharply last year compared with 2009, when the sale of its NextRx subsidiary contributed $2.2 billion in after-tax income. Medical enrollment also slid 1 percent last year to 33.3 million members.

So what was the rationale for even a small raise (over an already huge compensation package)?

In the company’s filing, Wellpoint’s board of directors highlighted accomplishments by management, including reducing general expenses by 3 percent.

Also,

A Wellpoint spokeswoman stressed Friday that the company’s pay formula rewards executives for improving enrollee health, boosting share prices and meeting other pre-set goals.

'For the CEO, almost 90 percent of total target compensation is based on company performance and is tied to meeting established goals,' Kristin Binns said in a statement.

So while Cigna did slightly better financially than last year, its CEO's total compensation doubled to well over $10 million, and while WellPoint did slightly worse financially than last year, its CEO's total compensation increased, again remaining well over $10 million.  It seems that the leaders of top health care organizations will continue to get richer, no matter how well their organizations performed financially, let alone what effect they had on patients' and the public's health.
So What Drives Up Health Care Costs?

Just to distract from CEOs getting increases in their already huge compensation that seem disproportionate to any reasonable measure of their companies' financial performance, health care insurers continued to deny any responsibility for the rise in health care costs.

For example, the San Francisco Chronicle published a story entitled, "Insurer Wants Focus on What Drives Up Health Costs," which had a familiar ring:

When health insurers notify members that rates are going up - often in the punishing double-digits - they typically blame rising medical costs.

They say the problem really isn't theirs; it's all the other pieces of the health-care puzzle that drive up costs that must be passed on to customers.

Don't blame you, don't blame me, blame that fella behind the tree.
It went on to name all the usual suspects (color-coded for comparison below):

Insurers say their costs grow in part because of new medical technologies and the rising price of pharmaceutical products and medical equipment.

The consolidation of hospitals and doctors into large networks also makes it hard to keep prices low, as do waste, fraud and malpractice, they say. The system also lacks incentives for hospitals and doctors to curb costs. For example, they can charge twice by repeating tests and procedures, and by readmitting patients.

Insurers also say they lose money with policies people buy on their own, as opposed to group coverage from employers. Because the individual policies are more expensive, healthier people tend to avoid them, leaving insurers with a sicker pool.

Poor reimbursement from government programs such as Medi-Cal also forces insurers to raise private insurance prices to make up the slack, they say.

Finally, as people get older and fatter, they gobble up more health care resources.

'When you're looking at growth in premiums, the largest engine of that growth are those medical costs,' said Charles Bacchi, executive vice president of the California Association of Health Plans, which represents health insurers. He said critics who claim that insurers raise prices to increase profits and pad executive salaries are wrong, and that insurers' average profit margin has remained at 3 to 5 percent for years.

First, note that the executive compensation, the administrative costs, the marketing, public relations and lobbying costs all come off the top of revenues before any profits are generated, and before any possible dividends get paid to stock-holders.   I suspect that the insurance industry spokespeople immediately switch the topic to profits and investors' results to distract from those who really make money from health insurance companies, the top executives, and all those managers, bureaucrats, marketers, public relations people, and lobbyists who never touch patients and never deliver any care.  As Wendell Potter has written, many people like to blame government bureaucrats for health care's problems. They may deserve some blame, but not any more, and perhaps less than corporate bureaucrats and executives.

Recall further what Wendell Potter described in Deadly Spin. All those health insurance corporate public relations people were earning good salaries in part based on their ability to distract the public and policy-makers from the insurance companies' roles in health care dysfunction. Potter wrote (p. 110):

Rather than admit responsibility for the failures, insurance executives pointed the finger of blame at their customers, the 'consumers' of health care, and, of course, the providers of care. In introducing the concept of their new silver bullet - consumer driven health care - insurance executives claimed that the 'real drivers of health care costs' (one of my CEO's favorite expressions) were the people who sought care when they really didn't need it and the doctors and hospitals who were all too willing to provide this unnecessary care. Sure, the aging population and expensive new technology were also factors, but the main culprits were people who just didn't realize how expensive health care had become.

Note the similarities among the "real drivers of health care costs" promulgated by the corporate PR people and the defense of the health insurers' role mounted above (some of the more obvious color-coded). Note that the defenses never explain why the insurance companies seem unable to negotiate prices down, and why they all use the physician payment schedule derived from the recommendations of the secretive RUC.

For some final irony, the Chronicle found an academic who was not too hard on the health insurance companies:

Glenn Melnick, a health economist at the University of Southern California, sympathizes with many of the insurers' arguments.

He blamed rising costs mainly on higher prices charged by hospitals and doctors, which account for the largest portion of health care spending.

The reporter did not note Prof Melnick's full title, Professor and Blue Cross of California Chair in Health Care Finance. Oops.

So in summary, health care costs continue rising, access keeps declining, and there is no evidence of improvements in quality. Large health care organizations blame each other for the problems, but nearly all of them continue to make their top executives extremely rich. Although the amounts diverted to these executives cannot solely account for the rise in health care costs, the perverse incentives given those who lead health care are likely a major cause of the problems. A health care system run by leaders who are comfortable becoming extremely rich while the health care crisis worsens is a likely recipe for dysfunction.

We now know commercial health insurers deploy well paid public relations departments to use stealthy if not downright deceptive means to distract those who want to address what really causes health care dysfunction (see this post.) It is likely that all large health care organizations use similar stealth advocacy strategies. These strategies have successfully distracted the conversation away from problems with health care leadership and governance, at least until now.

As we have said before, far too often the leaders of not-for-profit health care institutions seem more interested in padding their own bottom lines than upholding the institutions' missions. They often seem entirely unaware of their duty to put those missions ahead of their own self-interest. Like the financial services sector in the era of "greed is good," health care too often seems run by "insiders hijacking established institutions for their personal benefit." True health care reform would encourage leadership of health care who understand health care and care about its mission, rather than those who see a quick way to make a small fortune.

Furthermore, we need an open discussion of the real issues related to health care dysfunction, not one stifled by the anechoic effect, spun by corporate PR, and dominated by "third parties" whose conflicts of interest are hidden.